News Bytes

Please submit your News Bytes items in
plain text; other formats may be rejected without reading.
[You have been warned!] A one- or two-paragraph summary plus a URL has a
much higher chance of being published than an entire press release. Submit
items to bytes@linuxgazette.net. Deividson can also be reached via Twitter.

News in General

Next Ubuntu will shed 'Netbook' Edition

The next release of Ubuntu, code-named Natty Narwhal, is expected in
the next few weeks, but there will be only 2 major platforms targeted.

The development of future Ubuntu distributions will merge into a
single version of Ubuntu for desktops and netbooks, known simply as
"Ubuntu" for Version 11.04. See more details in the Distros section,
below.

20th Anniversary of Linux Celebrations Kick Off at the LF Summit

The Linux community will come together to celebrate 20 years of Linux.
In August of 1991, Linux creator Linus Torvalds posted what today is a
famous or infamous message to share with the world that he was building
a new operating system. The Linux Foundation will kick off months of 20th Anniversary
celebrations starting at the Collaboration Summit in San Francisco,
April 5-8. Attendees will learn what else is in store for the months
leading up to the official celebration in August of 2011.

The Linux Foundation invites everyone in the Linux community to participate in
celebrating this important milestone. There will be a variety of ways
to get involved, including an opportunity to record a personal message
to the rest of the community about Linux's past, present and/or future
in the "20th Anniversary Video Booth." The Booth will be located
in the lobby area of the Collaboration Summit, and the messages will
be compiled into a display to be shared online and at LinuxCon in
August.

"The Linux Foundation Collaboration Summit continues to be one of our
most important events of the year," said Jim Zemlin, executive
director at The Linux Foundation. "The Summit will showcase how Linux
is maturing while kicking off an important year for the OS that will
include 20th anniversary celebrations where people from throughout the
community can participate online or at our events in a variety of
different ways."

Android Developers Confident about Oracle-Google Litigation

Attendance at AnDevCon in March was almost a sellout and indicative of
the rapid growth of Android in the Open Source Community. Google IO
did sell out in less than an hour of open registration. At this
event, 36% of attendees came from organizations with more than 1000
developers and about 50% came from organizations with more than 100
developers.

Oracle sued Google in August of 2010 over its possible use of Java
source code in Android without licensing.

During the conference, representatives from Black Duck and competing
firm Protocode both told LG that most large firms involved in
developing Android apps seem relatively unconcerned about the legal
battle between Oracle and Google. Many of these issues have played
out before for Linux veterans and a relative calm pervades the Android
community.

Said Peter Vescuso of Black Duck software, "Google is the goat to
sacrifice at Oracle's altar", meaning that most developers do not
expect any serious legal threats to be directed at them.

He added that many of their customers were using Android, including 8
of the 10 biggest handset makers. "The most shocking thing about the
lawsuit is that there is almost no reaction from customers; it's not
their problem."

Black Duck made an analysis of 3800 mobile open source companies in
2010. This has been roughly doubling every year since 2008. When Black
Duck looked at development platforms, 55% listed Android and 39% listed iOS,
which was not surprising as even iPhone apps use chunks of open source
code. Android has the advantage of being GPL-based, while iOS is not.

According to Protocode's Kamil Hassin, some of their smaller
Android customers have been hesitant about the potential outcome of
Oracle's litigation, but many are now moving more into Android
development.

He noted that Black Duck focused on bigger companies with large code
bases, while Protocode's products were lighter weight and focused more
on where FOSSw occurred internally, especially code from Apache Ant,
Derby, MySQL, and even more on PostgreSQL.

Google Delays Honeycomb Delivery to Open Source

Google will delay releasing its Honeycomb source code for the new
series of Android-based tablet computers as it works on bugs and
hardware compatibility issues. Honeycomb is called Android 3.0, while
mobile phone developers are expecting the release of Android 2.4
shortly.

Google has indicated that some UI improvements will be back-ported to
Android phones in 2.4.

Speaking with Bloomberg News on March 25th, Andy Rubin, Google's
top honcho for Android development, said that they would not release the
source code for the next several months
because there was a lot more work to do to make the newer OS ready for
"other device types including phones". Instead, source code access
will remain only with major partners such as HTC and Motorola.

Developer blogs initially showed mixed opinions of the delay, with a
few developers recognizing that Google was trying to get a better and
more consistent user-experience for future Android tablets, especially
less expensive models that will come from small third world
manufacturers.

Oracle dropping future Itanium development for its Database

In March, Oracle announced that it would discontinue development work
for future versions of the Oracle database on the Intel Itanium RISC
platform. In a press statement, Oracle said, "Intel management made
it clear that their strategic focus is on their x86 microprocessor and
that Itanium was nearing the end of its life."

Oracle pointed to trends that show no real growth in Itanium
platforms, which are almost exclusively sold by its rival HP. Intel
publicly defended its chip platform and said work would continue on
the next 2 generations of Itanium - Poulson and Kittson, but did not
state clear support for the future of Itanium after that.

Oracle support would continue for current versions of its database
running on Itanium for the next several years, but would be stopping
development on new versions. This would have a negative effect on
future sales of HP SuperDome servers and force current customers to
reconsider strategic vendor relationships.

According to a blog at Forrester Research, "Oracle's database is a
major workload on HP's Itanium servers, with possibly up to 50% of
HP's flagship Superdome servers running Oracle. A public statement
from Oracle that it will no longer develop their database software
will be a major drag on sales for anyone considering a new Oracle
project on HP-UX and will make customers and prospects nervous about
other key ISV packages as well."

Oracle revenues and profits were up for the first quarter of 2011
and exceeded analysts' expectations. Total revenue for the quarter
ending Feb. 28 gained 37 percent to $8.76 billion.

Oracle CEO Larry Ellison said that the products and IP acquired from
Sun Microsystems get the lion's share of the credit. Ellison noted
that revenue from the Sun-built Exadata database server - which he
claimed was the fastest database server in the world - has doubled
to $2 billion.

APT Breach at RSA may undermine SecurID

Security stalwart and edifice RSA, the home of the ubiquitous RSA
algorithm and provider of 2-factor security devices, announced that it
had been breached by sophisticated attackers who were after the
Intellectual Property used in such devices. RSA has filed an 8-K
SecureCare document and the Federal Government is investigating the
incidents. In the first few days that followed, RSA did not offer
details about the exploit or the specifics of what was taken.

The announcement of the breach came on St. Patrick's Day and led to a
lot of reflection by network and systems security experts. In the
forefront of many on-line comments is concern for the very large
customer base around the world using RSA's SecurID products.

RSA said:
"Our investigation has led us to believe that the attack is in the
category of an Advanced Persistent Threat (APT). Our investigation
also revealed that the attack resulted in certain information being
extracted from RSA's systems. Some of that information is specifically
related to RSA's SecurID two-factor authentication products. While at
this time we are confident that the information extracted does not
enable a successful direct attack on any of our RSA SecurID customers,
this information could potentially be used to reduce the effectiveness
of a current two-factor authentication implementation as part of a
broader attack. We are very actively communicating this situation to
RSA customers and providing immediate steps for them to take to
strengthen their SecurID implementations."

LG spoke with Steve Shillingford, president and CEO, Solera Networks,
who pointed to the value of Network Forensics in this type of attack
and explained that, "RSA is able to say specifically what happened -
Advanced Persistent Threat (APT) - and what was and was not
breached - SecurID code, but no customer records. Compare RSA to the
many companies breached in the Aurora attacks, and the difference in
insight is striking. Intel had stated that though they knew they had
been breached they had no specific evidence of IP taken - very
different than the evidence that RSA cites."

Shillingford also told LG: "Many companies and organizations are using
NF for complete network visibility and situational awareness, to limit
the kind of exposure RSA is noting. NF enables superior security
practice, which is especially important when you're working with
private customer security records and systems, in this case. It is
difficult for customers to put trust in an organization that has
difficulty calculating the extent of an attack and its source,
especially today."

Shillingford recommended that RSA take the following steps:

Take steps to further obfuscate the SecurID code that was breached,
to limit what can be done with the compromised information

Take an 'open' approach, recognizing that the exposed code will
produce reaction/response that accomplishes tighter SecurID security.

Securosis, another security firm, drew similar lessons in a company
blog and asked questions such as "Are all customers [e]ffected or only
certain product versions and/or configurations?"

Securosis recommended waiting a few days if you use SecurID for
banking or at other financial institutions and then requesting updated
software and security tokens. RSA is already offering their customers
advice on hardening SecurID transactions, including the obvious
lengthening and obscuring of passwords used with 2-factor
authentication. See their blog posting at:
http://securosis.com/blog/rsa-breached-secureid-affected.

And NSS Labs, a security testing service, recommends that
organizations using SecurID to protect sensitive information should
consider eliminating remote access until all issues are resolved.

RSA Conference Offers Multiple Data Breach Reports

Multiple reports on the state of cyber-security were available at this
year's RSA security conference and the conclusions are that the trends
are getting worse. And this was before RSA itself was breached.

Every year, Verizon Business publishes the Data Breach Investigations
Report (DBIR), which presents a unique and detailed view into how
victims get breached, as well as how to prevent data breaches. It is
released early in the year, usually in time for the RSA security
conference or just preceding it.

Much of this data is collected by the VERIS website, an anonymous data
site maintained by ICSA Labs and Verizon.

To better facilitate information sharing on security
incidents, Verizon released VERIS earlier this year for free public
use.

Data breaches continue to plague organizations worldwide, and the DBIR
series, with additional info from the US Secret Service, now spans
six years, more than 900 breaches, and over 900 million compromised
records. The joint goal is to distinguish who the attackers are, how
they're getting in, and what assets are targeted.

Two shocking stats from the 2010 DBIR were:

86% of victims had evidence of the breach in their log files;

96% of breaches were avoidable through simple or intermediate
controls (+9%).

This leads to the conclusion that simple scans and basic data mining
from these logs could alert most organizations to anomalous activity.

Organizations are encountering more cybersecurity events but the
events, on average, are costing significantly less than in the
previous year, according to the 2011 CyberSecurity Watch Survey
conducted by CSO magazine, and sponsored by Deloitte. Twenty-eight
percent of respondents have seen an increase in the number of events
in the 2011 study and 19% were not impacted by any attacks, compared
to 40% in the 2010 study.

More than 600 respondents, including business and government
executives, professionals and consultants, participated in the survey that is
a cooperative effort of CSO, the U.S. Secret Service,
the Software Engineering Institute CERT Program at Carnegie Mellon
University and Deloitte.

The 2011 CyberSecurity Watch Survey uncovered that more attacks (58%)
are caused by outsiders (those without authorized access to network
systems and data) versus 21% of attacks caused by insiders (employees
or contractors with authorized access) and 21% from an unknown source;
however 33% view the insider attacks to be more costly, compared to
25% in 2010. Insider attacks are becoming more sophisticated, with a
growing number of insiders (22%) using rootkits or hacker tools
compared to 9% in 2010, as these tools are increasingly automated and
readily available.

Another cybersecurity threat is the increase in cyber-attacks from foreign
entities, which have doubled in the past year from 5% in 2010 to 10% in
2011.

By mid-2010, Facebook recorded half a billion active users. Not
surprisingly, this massive user base is heavily targeted by scammers
and cybercriminals, with the number and diversity of attacks growing
steadily throughout 2010 - malware, phishing and spam on social
networks have all continued to rise in the past year.

The survey found that:

40% of social networking users quizzed have been sent malware
such as worms via social networking sites, a 90% increase since
April 2009;

Two thirds (67%) say they have been spammed via social
networking sites, more than double the proportion less than two
years ago;

43% have been on the receiving end of phishing attacks, more
than double the figure since April 2009.

The US continues to be the home of most infected web pages. However,
over the past six months alone, European countries have become a more
abundant source of malicious pages, with France in particular
displacing China from the second spot, increasing its contribution
from 3.82% to 10.00% of global malware-hosting websites.

The full Security Threat Report 2011 contains much more information
and statistics on cybercrime in 2010, as well as predictions for
emerging trends, and can be downloaded free of charge.

Apple Revenue to Surpass IBM and HP

According to a Bloomberg News interview with Forrester founder and CEO
George Colony, Apple revenues, fueled by mobile 'apps', may grow about
50% this year. At that rate, Apple's revenues would surpass IBM's in
2011 and then HP's in 2012. In 2010, Apple's market valuation passed
that of Microsoft.

Several analysts surveyed by Bloomberg think that Apple's revenue will
exceed $100 billion, IBM's current revenue, with a growing share of
its revenue coming from internet apps. Colony also thought the trend
to such mini-applications may undermine revenues for other companies
from websites and web advertising. This could spell some trouble for
Google and Yahoo, among others, although the Android marketplace for
apps is catching up to Apple's.

But Colony also saw a downside to Apple's reliance on iconic Steve
Jobs to get the best designs and technology into future Apple
products. "Remember, every two years they have to fill that store
with new stuff. Without Steve Jobs as the CEO, I think it will be
much harder for them to do that. That would be a massive, massive hit
to the valuation."

Distro News

Natty Narwhal Alpha 3 will become Ubuntu 11.04

Alpha 3 is the third in a series of milestone CD images that will be
released throughout the Natty development cycle. The 11.04 version of
Ubuntu is expected some time in April or early May.

In March, Canonical announced that Ubuntu releases from 11.04 would no
longer have separate netbook editions. The desktops will be
standardized for all users and simply be called Ubuntu 11.04, and the
server edition will be called Ubuntu Server 11.04.

Pre-releases of Natty are not recommended for anyone needing a stable
system or anyone who is not comfortable with occasional or frequent
lockup or breakage. They are, however, recommended for Ubuntu
developers and those who want to help in testing and reporting and
fixing bugs in the 11.04 release.

New packages showing up in this release include:

LibreOffice 3.3.1

Unity 3.6.0

Linux Kernel 2.6.38-rc6

Upstart 0.9

Dpkg 1.16.0-pre + multi-arch snapshot

The Alpha images are claimed to be reasonably free of show-stopper CD
build or installer bugs, while representing a very recent snapshot of
Natty.

openSUSE 11.4 now out

In March, version 11.4 of openSUSE brought significant
improvements along with the latest in Free Software applications.
Combined with new tools, projects and services around the release,
11.4 shows growth for the openSUSE Project.

11.4 is based around Kernel 2.6.37 which improves the scalability of
virtual memory management and separation of tasks executed by terminal
users, leading to better scalability and performance and less
interference between tasks. The new kernel also brings better hardware
support, with open Broadcom Wireless drivers, improved Wacom support
and many other new or updated drivers. It also supports the
improvements to graphic drivers in the latest Xorg and Mesa shipped,
so users will enjoy better 2D and 3D acceleration.

New tools enhance the boot process. The latest gfxboot 4.3.5
supports VirtualBox and qemu-kvm while Vixie Cron has been replaced
with Cronie 1.4.6 supporting the PAM and the SELinux security
frameworks. More experimental software options include GRUB2 and
systemd.

The KDE Plasma Desktop 4.6 introduces script-ability to window manager
KWin and easier Activity management as well as improvements to network
and Bluetooth handling. Stable GNOME 2.32 improves usability and
accessibility. 11.4 also has GNOME Shell, part of the upcoming GNOME3,
available for testing.

Firefox 4.0, first to ship in 11.4, introduces a major redesign of
the user interface with tabs moved to the top of the toolbar, support
for pinning of tabs and more. Firefox Sync synchronizes bookmarks,
history, passwords and tabs between all your installations. Firefox 4
also supports newer web standards like HTML5, WebM and CSS3.

Version 11.4 of openSUSE includes up-to-date Free Software applications;
it is the first major distribution to ship LibreOffice 3.3.1, with
features like importing and editing SVG files in Draw, support for up to 1
million rows in Calc and easier slide layout handling in Impress. 11.4
also debuts the result of almost 4 years of work with the Scribus 1.4
release based on Qt 4 and Cairo technology. Improved text rendering,
undo-redo, image/color management and vector file import are
highlights of this release.

11.4 brings the latest virtualization stack with Xen 4.0.2 introducing
memory overcommit and a VMware Workstation/Player driver, VirtualBox
4.0.4 supporting VMDK, VHD, and Parallels images, as well as resizing
for VHD and VDI and KVM 0.14 with support for the QEMU Enhanced Disk
format and the SPICE protocol. As guest, 11.4 includes open-vm-tools
and virtualbox-guest-tools, and seamlessly integrates clipboard
sharing, screen resizing and un-trapping your mouse.

Gentoo Linux LiveDVD 11.0

Gentoo Linux announced the availability of a new LiveDVD to celebrate
the continued collaboration between Gentoo users and developers. The
LiveDVD features a superb list of packages, among which are Linux
Kernel 2.6.37 (with Gentoo patches), bash 4.1, glibc 2.12.2, gcc
4.5.2, python 2.7.1 and 3.1.3, perl 5.12.3, and more.

The LiveDVD is available in two flavors: a hybrid x86/x86_64 version,
and an x86_64 multilib version. The livedvd-x86-amd64-32ul-11.0
version will work on 32-bit x86 or 64-bit x86_64. If your CPU
architecture is x86, then boot with the default gentoo kernel. If your
arch is amd64 then boot with the gentoo64 kernel. This means you can
boot a 64bit kernel and install a customized 64bit userland while
using the provided 32bit userland. The livedvd-amd64-multilib-11.0
version is for x86_64 only.

Software and Product News

New Firefox 4 available for Linux and other platforms

Mozilla has released Firefox 4, the newest version of the popular,
free and open source Web browser.

Firefox 4 is available to download for Windows, Mac OS X and Linux in
more than 80 languages. Firefox 4 will also be available on Android
and Maemo devices soon.

Firefox 4 is the fastest Firefox yet. With dramatic speed and
performance advancements across the board, Firefox is between two and
six times faster than previous releases.

The latest version of Firefox also includes features like App Tabs and
Panorama, industry-leading privacy and security features like Do Not
Track and Content Security Policy to give users control over their
personal data. Firefox Sync gives users access to their history,
bookmarks, open tabs and passwords across computers and mobile
devices.

Firefox supports modern Web technologies, including HTML5. These
technologies are the foundation for building amazing websites and Web
applications.

Novell Offers Free Version of Sentinel Log Manager

Novell is offering a free version of its Sentinel Log Manager. The new
version will allow customers to leverage key capabilities of Sentinel
Log Manager including log collection at 25 events per second, search
and reporting capabilities for compliance requirements and security
forensics. Customers can easily upgrade to a full license that
supports additional features such as distributed search and log
forwarding.

The release of the free version of Novell Sentinel Log Manager makes
it simpler for customers to start using log management as a tool to
improve security and ensure regulatory compliance. Novell Sentinel Log
Manager includes pre-configured templates to help customers quickly
and easily generate custom compliance reports. Novell Sentinel Log
Manager also uses non-proprietary storage technology to deliver
intelligent data management and greater storage flexibility.

"Strained IT departments are struggling to keep up with stringent
regulatory compliance mandates. With the release of the free version
of Sentinel Log Manager, Novell is showing a strong commitment to
reducing the burden of regulatory compliance," said Brian Singer,
senior solution manager, Security, Novell. "Log management also
provides the foundation for user activity monitoring, an important
capability that's becoming mandatory to combat emerging threats."

Oracle Enhances MySQL Enterprise Edition

An update to MySQL 5.5 Enterprise Edition is now available from
Oracle.

New in this release is the addition of MySQL Enterprise Backup and
MySQL Workbench along with enhancements in MySQL Enterprise Monitor.

Recent integration with MyOracle Support allows MySQL customers to
access the same support infrastructure used for Oracle Database
customers. Joint MySQL and Oracle customers get faster problem
resolution by using a common technical support interface.

With support for multiple operating systems, including Linux,
Solaris, and Windows, MySQL Enterprise Edition can enable customers
to achieve significant TCO savings over Microsoft SQL Server.

Rackspace Powers 500 Startups, Touches iPad

Kicking off SXSW Interactive in March, Rackspace announced its
Rackspace Startup Program and also the availability of Rackspace Cloud
2.0 for iPad, iPhone and iPod.

The Rackspace Startup Program provides cloud computing resources to
startups participating in programs such as 500 Startups, TechStars, Y
Combinator and General Assembly. Through the program Rackspace will
provide one-on-one guidance and cloud compute resources to help power
these startups to success.

In addition to the startup program, Rackspace also announced the
availability of its application, Rackspace Cloud 2.0, now available on
the iPhone, iPad and iPod Touch. It is free of charge and available
via iTunes.

The new application lets system administrators manage the Rackspace
Cloud and customize OpenStack clouds while away from their computers
and on the go. In addition, the application allows quick
access to Rackspace Cloud Servers, Cloud Files and supports multiple
Rackspace cloud accounts, including connecting to the UK and US
Clouds. The new application includes Chef integration helping automate
many processes and saving system administrators hours of time and is
one of the first to run on Apple's iOS 4.3, connecting audio and video
on Cloud Files from the application directly to Apple TV.

Rackspace Hosting is a specialist in the hosting and cloud computing
industry, and the founder of OpenStack, an open source cloud platform.

Linpus demos MeeGo-based tablet solution at CeBIT

Linpus, a provider of open source operating system solutions, demoed
its MeeGo-based tablet solution at CeBIT in March. Linpus has created
a ready-to-go tablet solution, based around MeeGo and Intel Atom
processors, with a custom user interface and application suite.

Linpus originally announced its solution, Linpus Lite for MeeGo
Multi-Touch Edition, last November and has since been working to
improve the performance and stability of the product. The solution is
aimed at OEMs and ODMs looking to get a tablet product in the market
as quickly as possible.

Linpus created their own user interface, with an emphasis on
multi-touch interaction, on top of MeeGo. It includes an icon based
application launcher and an additional desktop for organising media
and social streams. Linpus also developed a number of custom
applications, which have all been written in Qt: E-reader, Media
Player, Webcam, Media Sharing, Photo Viewer, Browser, Personalization
and Virtual Keyboard that supports 17 languages and can be customized.

The solution is MeeGo compliant, which means users will be able to
take advantage of the Intel AppUp store for additional content. Linpus
is not delivering a device itself, rather it would provide its
software to a device manufacturer looking to create a tablet product.
The minimum specifications for such a device would be an Intel Atom
(Pinetrail or Moorestown), 512 MB RAM, at least 3GB of storage (hard
disk or SSD), a 1024 x 600 display, WiFi/Bluetooth and 3G
connectivity.

Deividson Luiz Okopnik

Deividson was born in União da Vitória, PR, Brazil, on
14/04/1984. He became interested in computing when he was still a kid,
and started to code when he was 12 years old. He is a graduate in
Information Systems and is finishing his specialization in Networks and
Web Development. He codes in several languages, including C/C++/C#, PHP,
Visual Basic, Object Pascal and others.

Deividson works in Porto União's Town Hall as a Computer
Technician, and specializes in Web and Desktop system development, and
Database/Network Maintenance.

Howard Dyckoff

Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.

Howard maintains the Technology-Events blog at
blogspot.com from which he contributes the Events listing for Linux
Gazette. Visit the blog to preview some of the next month's NewsBytes
Events.